Posts by pitagora

To be fair, I'd say he is about to get a major upgrade in prison conditions. You really don't want to go to prison in Eastern Europe. I can imagine he hopes to serve the rest of his sentence in the US instead of Romania.

Re: Bad security?

They can't encrypt data the system actively uses in an automated way, such as emails, because then they would need to also keep the private keys handy for the server to use. If the keys get compromised it's like you never encrypted the data at all. It would render everything pointless.

Re: Is it just me...

Seriously? I know people like to play devil's advocate but this is silly. Why would anybody implement arithmetic (think how hard this is to do) on PINs vs the very simple possibility that PINs end up in a query such as:

select * from Accounts where PIN = 31337 * 1 *1 *1

For the record, when testing parameters for injection the first approach is indeed to use math operators and see if they get evaluated. There is no legitimate reason why these would be evaluated other than if they end up in a SQL statement in raw form. The fact that it's a blind injection doesn't make it any less dangerous because there are very well-known methods of obtaining table and field names using this boolean result. There are automated tools designed for this.
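To make the point of this post concrete from the defender's side, here is an added example (not code from the original post or from the site being discussed) that builds a throwaway SQLite `Accounts` table with constructed sample rows and shows the two lookups side by side: the string-concatenated query, in which the database itself evaluates `31337 * 1 * 1 * 1` and still returns the account, and the bound-parameter query, in which the same input is just a string that matches nothing. The table layout, the `pin_is_well_formed` check and the hypothetical `lookup_*` helpers are assumptions made for the example.

```python
import re
import sqlite3

# Constructed sample data for the demo; the PINs are not real.
SAMPLE_ACCOUNTS = [(1, "alice", 31337), (2, "bob", 4242)]


def make_db():
    """Create an in-memory database with a PIN column that has INTEGER affinity."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Accounts (id INTEGER PRIMARY KEY, name TEXT, PIN INTEGER)"
    )
    conn.executemany("INSERT INTO Accounts VALUES (?, ?, ?)", SAMPLE_ACCOUNTS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, pin_param):
    """The defect the post describes: the raw request parameter is pasted into
    the SQL text, so the database (not the application) evaluates any
    arithmetic it contains. '31337 * 1 * 1 * 1' therefore matches PIN 31337."""
    sql = f"SELECT name FROM Accounts WHERE PIN = {pin_param}"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, pin_param):
    """Bound parameter: the value is sent separately from the SQL text and is
    never parsed as SQL, so '31337 * 1 * 1 * 1' is compared as a plain string
    and matches nothing. A well-formed '31337' still matches, because SQLite
    applies the column's numeric affinity to the bound value."""
    sql = "SELECT name FROM Accounts WHERE PIN = ?"
    return [row[0] for row in conn.execute(sql, (pin_param,))]


def pin_is_well_formed(pin_param):
    """Allow-list check: a PIN is 4 to 6 ASCII digits, nothing else.
    Anything containing operators, spaces or quotes is rejected before it
    reaches the database; this is also a cheap thing to alert on in request logs."""
    return re.fullmatch(r"[0-9]{4,6}", pin_param) is not None


def lookup_hardened(conn, pin_param):
    """Validation plus binding. Returns None for malformed input (so the caller
    can log and reject it) and the matching names otherwise."""
    if not pin_is_well_formed(pin_param):
        return None
    sql = "SELECT name FROM Accounts WHERE PIN = ?"
    return [row[0] for row in conn.execute(sql, (int(pin_param),))]


if __name__ == "__main__":
    db = make_db()
    probe = "31337 * 1 * 1 * 1"
    print("vulnerable:   ", lookup_vulnerable(db, probe))
    print("parameterized:", lookup_parameterized(db, probe))
    print("hardened:     ", lookup_hardened(db, probe))
```

The tell the post describes is exactly the first line of output: if arithmetic in a numeric parameter changes the result, the parameter is reaching the SQL parser in raw form. The fix is not to reimplement arithmetic on PINs but to bind the parameter and allow-list its shape.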

Santa: the problem is that a supposedly up-to-date Linux got rooted and nobody knows how? Doesn't this concern you at all? It's a disaster. This could mean every single Linux machine out there could be vulnerable. Until we know for sure, that is how we should treat the situation. Personally I don't have/run any Linux servers, but some of my contacts do and they are freaked out!

Chrome = spyware

Every 1-2 weeks I have to delete Chrome from my parents' PC, and they swear they don't even know what it is. I'll tell you though: it's a nasty piece of spyware that installs itself with other products and steals personal information without the user's knowledge, and then legalizes this through a very long T&C.

Chrome is spyware, so good riddance. As for my parents' PC, I wish MSE had some option like "permanently consider this program spyware", because in the end this is what Chrome is.

I have a feeling that "productively" for you means office apps like WordPerfect for DOS :)) You know, some people's needs go beyond typing documents. I for instance need synchronization of documents with my coworkers and versioning (Office 2008), access to ERP and reporting software (powered by hopefully a fast database, preferably not stored in a file on my DOS system but somewhere my colleagues can access too - even those working in other locations than me), and need some CRM software preferably integrated with our VoIP phone system. My colleagues at marketing also need powerful image editing software, email applications (not text only!!!) to be able to send drafts of their work, etc.

As for other people, "productive" applications also tend to include engineering design applications (and please don't tell me AutoCAD R12 for DOS because by today's standards there isn't much you can do with it), architectural design applications, simulators, etc. Most of these tasks couldn't be done with the software or hardware available in that period. Without them we'd all just be living in the 80s-90s, without all the technological advancements made since. While we are at it, why don't we just give up technology entirely and live in caves like we used to, right?

how do you know how much is fair?

The problem is: what is a fair price? How does the user know what is fair? I mean yes, the development cost is the same when selling 100 million copies or selling 1 copy, but how do you know how much we sell? Did anybody bother to calculate how much it would cost to develop that software? Did anybody ever think that for each sale made there is a cost in support and in the sale itself? Sometimes up to 50% goes to the person/company that sold the product, not to the one that made it. Did you know that? Does that go into your fair price too?

I have a software company in Eastern Europe (where prices are considered to be small and everybody outsources). A programmer costs about 3000$ a month with salary/taxes/social security. Developing a small application (like a dentist office management tool) needs a few months and a team of a few people. For 6 months of work and 4 programmers we already have 72000$ just in development costs.

Now what is a fair price for the application? What do you think is fair? 200$? Noooo....you'll scream....Windows does more and costs less. Unfair! Let's steal it instead. Well it's all about volume. In my case there is a small target audience, hard to reach. We are not expected to sell millions of copies. In fact in order to break even (and not make any profit at all) we are going to need to sell 360 copies at 200$. But oh wait: the application doesn't sell itself so put some marketing in it. Selling 360 copies requires finding 360 doctors and convincing them to pay 200$ (if they think it's fair), who don't already use another app. For each sold application you'll have a cost in marketing. Then you realize that with the cost of sale you need to sell about 500 copies to break even.

You sell your 500 copies and you notice that your phones are ringing all the time. There are 500 users that need support. You hire some support people to answer the phone and assign a developer or 2 permanently on dealing with bugs and issues, and offering patches to customers. Just supporting your small application costs about 10000$ a month.

In the end you realize you can't sell more than 500 copies because there aren't enough dentists around you that need it. Most of them already use a competitor product (or if your product is truly good - most of them will use a pirated copy of your product) or some simply use Excel (most likely pirated). Your own pirated copies become your competitor. You can't sell because they already have it for free.

Now the above is just hypothetical. It's just an example. We sell a different kind of application with a different (unfair) price. The hard truth is in our case that we know there are about 3 times more copies in use than we sold (we have some callbacks in the app). We are at the point where we haven't even broken even yet and I think it's unlikely we will. We are about to discontinue the application, ironically not because it isn't needed or used but because people steal it instead of buying it.

As for the difference between piracy and theft: is there any? If you shoplift a DVD/CD with my software from the store or download it from a torrent do you think it makes any difference for me? The DVD itself only cost 50 cents. I don't even care about it. The real value was the software in which I invested possibly hundreds of thousands of dollars. Why is it any different whether you go shoplifting for software in a store or download from torrents? From my perspective the difference is 50 cents. Why does somebody go to jail for this 50 cent difference if he steals from the shop around the corner and just get a fine (perhaps) if he downloads it? I don't get it. I go out of business anyway....

theft (stealing a cd) = pirating + 50 cents for the cd

guy caused 26 accidents by sheer panic - how is it not terrorism?

I don't know about you but last time I had a family member in a hospital (for something unlikely to be life threatening by the way) I was speeding across town at night at 130 km/h (with the obvious 50 km/h limit of course). Until you are in that panic situation you can't even imagine how it feels to be afraid for a loved one. If I thought my family was being held hostage somewhere I probably wouldn't have even looked at the red lights anymore and just hit the pedal. No wonder there were 26 accidents because of this when everybody started to drive like in need4speed.

PS: I have a great prank idea. Let's tell everybody at a clinic they have HIV and let's see if any of them kill themselves over the news. Afterwards we can say: sorry, it was just a prank.

F off Mozilla

A lot of plugins aren't working on FF 4 yet. I still regret updating to this day! If we upgrade to FF 5 even more will break. You know, just f off! The only reason FF is great are plugins, and you are taking that away from us. We will switch to chrome if this continues.

@The BigYin

Actually it's the "platform's" responsibility to keep some level of backwards compatibility. If you think about it, what would happen if every time you changed your Windows version ALL your applications stopped working, like happens in Firefox? Let's be honest here, Microsoft has done a very good job keeping Windows backwards compatible. There are incredibly few applications that don't work (even Windows 3.1 apps), and those that truly don't are the coder's fault, for using undocumented features that were subject to change.

I can't say the same about Firefox. I upgraded to FF 4.0 and I'm pissed that some essential plugins for my work no longer function!!! They are essential to me. I have to downgrade, or else.....

I don't see other options than downgrading, other than perhaps looking for a Chrome plugin that would do the same job I need....

new study!!!

I just made a scientific study on me and my gf. Apparently 50% of the people listen to hard rock and metal, watch only scifi movies and play Quake in their free time. The other half of the world listens to Enya and likes to talk a lot about their feelings.

Given that both studies have a similarly badly chosen sample they have pretty much the same scientific value.

study is amateurish

The study involved 106 adolescent participants, 46 of whom were diagnosed with major depressive disorder...

WTF? What kind of idiot makes a statistic like this? The sample is good only if almost half of the teens worldwide are depressive. Otherwise the whole study is bent.

Doing a study on a group of depressive teens has a different meaning: the statistical conclusion they should have drawn is that depressive teens don't like to read books (perhaps it's even more depressing to do so) and listen to music. Not the other way around! Basic statistics!

"Sophos remain a very strong company with growth potential,"

all do and none do

All do. In fact none do. Not even Google. Your browser is the one that shares the referrer, not Google. It can't be changed by Google and normally it shouldn't be. Those experiments are more like hacks that have nasty side effects. One of them is that the search engine would not work for anybody that has JavaScript disabled or for browsers that don't support AJAX.

ScriptResource.axd is the key to download any file

IIS will serve it through ScriptResource.axd. All you have to do is encrypt the arguments with the machine key... the same machine key you can steal with this exploit. Oops... there go your DB connection strings :) And if you have a shared host like most people do, you might have a SQL server that is accessible from the internet (hosts do this so they allow you to connect with SQL Server Management Studio). In this case your database just got really public. All your sensitive database, and possibly admin accounts, get shared with dog + world. Nice eh?

The title is required, and must contain letters and/or digits.

The reason is how easy PHP is. Anybody can learn it and think he masters it in less than a month. Imagine the websites he creates, the scripts etc.

Second reason: open source.... when a large application like WordPress is open source, hackers can analyze it to find bugs. It's a lot quicker than black box testing. Proprietary solutions are harder to crack, provided that the developers test them properly first, or hire some pentesters.

what pledge?

Check out Bernoulli's Equation

Guys! Check out Bernoulli's Equation, and look at the terms that it uses to calculate a siphon. Gravity is not a factor! Density is, P is pressure, h is height.

And by the way... siphons work in 0 gravity too :) Gravity however does create air pressure which in turn drives the siphon, but it can work in the absence of gravity as well, as long as the air pressure exists (i.e. artificially created).

will never buy Ubisoft games ever

My last experience with Ubisoft was quite bad :( The game didn't work because I have an emulator installed (which for the record I use only with legal ISOs - I have an MSDN Pro Subscription and the only way to download the software from it is as an ISO).

Anyway, why buy a game if in the end I still need to find a cracked version to be able to play it? I refuse to pay them money just so I end up looking for cracks and warez and exposing myself to viruses because Ubisoft tries to dictate what I can and can't have installed on my PC? If they would put all these restrictions on the box, so I can see them before I buy this piece of crap, yes, but I just hate surprises and no refunds! No more buying from Ubisoft for me!

The title is required, and must contain letters and/or digits.

It's the other way around: internal variables in functions are not kept, but function names are. All class and member names are kept in the bytecode. This bytecode can be fully decompiled to a working Java program.

As for your suggestion of naming variables A, B and C: that's called obfuscating and it's a very common practice, except it's done directly on the binaries using some expensive software :) Basically that software will rename all your classes and methods to things like A.A.A and A.A.B and overload methods to the absurd. You would end up with 20 unrelated methods A in class A. Good luck to anybody trying to reverse engineer it.

The title is required, and must contain letters and/or digits.

1. You can't fight a crime with another crime. It's illegal to infect somebody's PC, for whatever reason, even if you have good intentions.

2. AV companies that could do this if it was legal (which it is not) would not benefit from this. Their goal as a company is to make money, to pay salaries and dividends to shareholders. They have to bring money home to their families. Nobody can afford to work for free.

The title is required, and must contain letters and/or digits

It was always like this. Undercover agents are supposed to infiltrate and if necessary do things that would otherwise be considered illegal. This was always the case. Besides, the intention is to catch pedos, not to drive a young girl to suicide. It's quite a different thing.

The title is required, and must contain letters and/or digits

Looks like Windows Mobile is about to take all the defects of the iPhone, without any of the benefits. The reason I like WM now is that I can develop apps for it without being censored by the likes of Apple. This leaves room for open source, for custom software made for business use, etc.

If WM becomes an iPhone clone, then I don't want it anymore. If I have to choose the lesser of two evils, then I will choose the one with the most apps available (and that's the iPhone).

So, message to M$: removing the freedom in programming (all that control) will definitely lose me as a customer (and developer).

yeah.....

....it's confusing to have the two together. Developing for IE is a pain, but I have to admit that it's a lot better than Chrome. IE 7 and 8 comply with the standards a thousand times better than Google Chrome. At least M$ is taking steps towards compliance, while Google is going the wrong way.

The title is required, and must contain letters and/or digits.

I think the author hasn't done his research

"a variety of password recovery tools will do the job for around $80"

The tools exist, but they don't do the job. Resetting the supervisor password involves replacing an EEPROM chip on the motherboard, among others. This is very risky to do by hand even for a specialist. The board has a very high density and even the slightest mistake will destroy that board. There is also the question of resetting the TPM chip if one exists. Now these chips are designed so that they can't be reset. At least the procedure is a very closely guarded secret. I can't say the supervisor password can't be reset with the right equipment and expertise, but it would definitely cost more than a brand new laptop.

i would pay for a crack

Considering that I don't always have an internet connection and the only thing I can do on the PC to amuse myself when I don't is play single player games, this is going to be a problem for me. The only reason why I would buy a single player game is to play it offline. Multiplayer games are a lot more fun, but since I don't always have an internet connection I can settle for single player. Well apparently not in this case :(

I'll be very honest here: I will probably play the game regardless, if I pay the money to some guy that found a smart way to crack it instead of UbiSoft. YES, I'm not willing to buy the game if I can't use it offline, but I would be willing to pay the full amount for a cracked version, as I am sure others would too. So a message to anybody out there trying to crack it: you have at least one customer if you succeed.

I test my websites on ALL browsers above 1% market share.

As a web designer I have to design pages to look great on all browsers. Yes, IE 6 is a nightmare as it doesn't comply with lots of standards. Second on the nightmare list is Chrome and then IE 8. Unfortunately when the client comes and tells me the page looks shitty on IE 6 I can't tell him to change the browser because it doesn't comply. He will ask me to fix the problem. He pays me for that, and since I can't fix IE 6, I have to fix my page. And let's not forget that over 20% of the users still have IE 6. No way they can be ignored simply because you don't like that browser.

same thing actually

Yes it's exactly the same, because producing that content costs money. That money was paid for, and it's not coming back in the form of revenues. So people do lose money! It's essentially the same thing. Somebody steals the money from your bank account, or they simply steal your salary even before it gets to your bank account. Either way you don't get the money you worked for, do you? Do you like working for free?

backdoor

The crypto key was stored on the disk, but encrypted with a universal key for all drives. This is obviously supposed to be a backdoor to allow them to decrypt any drive. They probably struck a deal with the FBI or something. Unlucky for them, somebody discovered the backdoor.

My 2 disks go directly into the camp fire. I will never buy again from Kingston!
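The design flaw this post describes, a per-drive data key wrapped under one vendor-wide key, is easy to reason about with a small model. The following is an added example, not code from the original post or from the drive vendor it discusses; nothing here reflects the real firmware. It contrasts the two provisioning schemes: wrapping the drive key under a universal key (whoever holds that one key opens every drive) versus wrapping it under a key derived from the user's passphrase with a per-drive salt (no single key opens anything). The HMAC-based stream wrap is a constructed stand-in for a real key-wrap primitive such as AES key wrap, and `UNIVERSAL_KEK` is a placeholder value, not anything recovered from a product.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder standing in for a hypothetical vendor-wide wrapping key.
# In the flawed design every drive ships with its data key wrapped under this value.
UNIVERSAL_KEK = bytes.fromhex("11" * 32)

PBKDF2_ITERATIONS = 100_000


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode, used here only as a toy stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek, dek):
    """Encrypt-then-MAC wrap of a data-encryption key (DEK) under a KEK.
    Layout: 16-byte nonce || ciphertext || 32-byte HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(dek, _keystream(kek, nonce, len(dek))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    """Return the DEK, or None if the tag does not verify under this KEK
    (wrong key, tampered record)."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))


# --- Flawed scheme (as described in the post): one KEK shared by all drives ---

def provision_drive_universal(dek):
    """The record written to the drive: DEK wrapped under the shared key.
    No user secret is involved at all."""
    return {"wrapped": wrap(UNIVERSAL_KEK, dek)}


def open_drive_universal(record):
    """Anyone who learns UNIVERSAL_KEK (from one firmware image, one leak)
    can run this against every drive ever shipped."""
    return unwrap(UNIVERSAL_KEK, record["wrapped"])


# --- Corrected scheme: KEK derived from the owner's passphrase per drive ---

def derive_kek(passphrase, salt):
    """PBKDF2-HMAC-SHA256 with a per-drive salt, so equal passphrases on two
    drives still yield different KEKs and nothing is shared across units."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def provision_drive_user(dek, passphrase):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "wrapped": wrap(derive_kek(passphrase, salt), dek)}


def open_drive_user(record, passphrase):
    """Succeeds only with the owner's passphrase; there is no universal key
    a vendor or anyone else could hold in escrow."""
    return unwrap(derive_kek(passphrase, record["salt"]), record["wrapped"])


if __name__ == "__main__":
    dek = secrets.token_bytes(32)
    flawed = provision_drive_universal(dek)
    fixed = provision_drive_user(dek, "correct horse battery staple")
    print("universal key opens flawed drive:", open_drive_universal(flawed) == dek)
    print("universal key opens fixed drive: ", unwrap(UNIVERSAL_KEK, fixed["wrapped"]) is not None)
    print("owner passphrase opens fixed:    ", open_drive_user(fixed, "correct horse battery staple") == dek)
```

The point to take from running it is structural rather than cryptographic: in the first scheme the drive's security reduces entirely to the secrecy of one value that is identical in every unit, so a single disclosure is a break of the whole product line, which is what the post calls a backdoor. In the second scheme each drive's protection rests on a secret that exists only in its owner's head, and a leak from the vendor gives an attacker nothing to unwrap with.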

IIS has the next largest marketshare after apache

IIS is the best web server available on windows servers. Of course you could install a free apache, but the features simply don't compare. 99% of windows hosting companies use it for both asp.net and php.

java and backwards compatibility shouldn't even be in the same sentence

keylogger wouldn't work

@oliver 8: you can't install a keylogger if you can't boot the machine. You can't even flash BIOS to include a keylogger because the TPM chip would get you. The combination of TPM+Bitlocker is supposed to make the PC tamper proof.